堆栈内存溢出
  简体   繁体   English

Python MYSQL 动态变量错误与 SQL 语法

[英]Python MYSQL dynamic variables error with SQL syntax

 原文  2021-12-28 13:48:35       python/ mysql

问题描述

I wrote below function:我在下面写了 function:

def update_record(col, new_value, date, finance_manager_table, connection):
    finance_manager_table.execute("""
       UPDATE financemanager
       SET %s = %s
       WHERE Date = %s
    """, (col, new_value, date))
    connection.commit()

Then I try to call the function with: dbc.update_record("Salary", "2500", "January/22", finance_manager_table, connection) and then experiencing the error:然后我尝试使用以下命令调用 function: dbc.update_record("Salary", "2500", "January/22", finance_manager_table, connection)然后遇到错误:

mysql.connector.errors.ProgrammingError: 1064 (42000): You have an error in your SQL syntax; mysql.connector.errors.ProgrammingError: 1064 (42000): 你的 SQL 语法有错误; check the manual that corresponds to your MySQL server version for the right syntax to use near ''Salary' = 2500 WHERE Date = 'January/22'' at line 2检查与您的 MySQL 服务器版本相对应的手册,以在第 2 行的“薪水”= 2500 WHERE Date = 'January/22'' 附近使用正确的语法

So it looks as it creates correct statement, but still somehow wrong.所以看起来它创建了正确的陈述,但仍然是错误的。

I've removed 'col' and instead wrote "SET Salary = %s" which has worked.我已经删除了“col”,而是写了“SET Salary = %s”,这很有效。

Is it incorrect to write "SET %s = %s", or is there a problem with something else?写“SET %s = %s”是不对的,还是有其他问题?

Thanks!谢谢! Adam亚当

3 个解决方案

解决方案1
 1  2021-12-28 14:11:41

You need to use one of Python's string formatting methods(f-string, .format) for the database object names(tables, columns, etc.) also a good idea to wrap them in backticks and use %s substitution of the.execute() method for values to prevent SQL injection:您需要对数据库 object 名称(表、列等)使用 Python 的字符串格式化方法之一(f-string、.format),将它们包装在反引号中并使用%s替换 the.execute( ) 防止 SQL 注入的值的方法:

def update_record(col, new_value, date, finance_manager_table, connection):
    finance_manager_table.execute(f"""
       UPDATE financemanager
       SET `{col}` = %s
       WHERE Date = %s
    """, (new_value, date))
    connection.commit()

or或者

def update_record(col, new_value, date, finance_manager_table, connection):
    finance_manager_table.execute("""
       UPDATE financemanager
       SET `{}` = %s
       WHERE Date = %s
    """.format(col), (new_value, date))
    connection.commit()

解决方案2
 0 已采纳  2021-12-28 13:58:43

Use Python 3's f-Strings: An Improved String Formatting Syntax使用 Python 3 的 f-Strings:改进的字符串格式化语法

s = f"""
       UPDATE financemanager
       SET {col} = {new_value}
       WHERE Date = '{date}'
    """
finance_manager_table.execute(s)

解决方案3
 0  2021-12-28 14:00:06

I think the reason you were getting an error was because in the part of your query SET %s = %s , the first variable you were passing in was being interpreted as a string so it was surrounding it in single quotes.我认为您收到错误的原因是因为在您的查询部分SET %s = %s中,您传入的第一个变量被解释为字符串,因此它用单引号括起来。 This was causing it not to be recognized as a column name.这导致它不能被识别为列名。 In other words it was turning that part of the query into SET 'Salary' = 2500换句话说,它将查询的那部分转换为SET 'Salary' = 2500

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 mysql使用python错误和SQL语法登录 - mysql sign in with python error with SQL syntax Python中的MySQL语法错误 - Mysql syntax error in python Python MySQL 语法错误 - Python MySQL Syntax Error Python-MySQL语法错误 - Python - MySQL syntax error python中的mysql错误语法 - mysql error syntax in python MySQL / Python语法错误 - MySQL/Python Syntax Error Python SQL语法错误 - Python SQL syntax error 将JSON写入MYSQL数据库时SQL语法中的PYTHON错误 - PYTHON error in SQL syntax while writing json to MYSQL database 使用python将值导入MySQL数据库时出现SQL语法错误 - SQL Syntax error while using python to import values into MySQL Database 在 mysql 数据库上使用 python 插入表时 Sql 语法错误 - Sql syntax error when insert into table with python on mysql database
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM